>> Though if it's indeed a
>> 2k DVB-H you'd find encryption in either IPsec or SRTP fashion.
>> I don't know what IPsec or SRTP packets look like in a tcpdump
> file, but
> at least UDP headers are not encrypted, and the first 4 data bytes
> look
> like some big-endian counter that gets incremented by 1 after each
> packet (separately for packets sent to ports 20000 and 20002). The
> next
> 4 bytes also look like a big-endian 32-bit number that increases for
> each packet by approximately 1920 for port 20002 and by 3600 for port
> 20000 (that has less packets sent to it) - looks like a timestamp.
From the description it sounds like RTP or a variant allright.
You might be able to dissect the packet dump with ethereal/wireshark.
I think it has an option to force the interpretation of a packet
using a specific protocol dissector.
If I'm not mistaken there is no standard way to deduce the RTP
payload from the payload type field in the header without external
information (maybe coming from an ancillary RTCP stream), but you
might be lucky and end up with something easy to understand.
Regards,
Pierluigi